90d7ed6f01d8f532b4952193a124ec7a81e3583a5edca568547bf1aa7df447fc | Triage

Sharing

General

Target

90d7ed6f01d8f532b4952193a124ec7a81e3583a5edca568547bf1aa7df447fc
Size

97KB
Sample

221202-2lm43aef9y
MD5

3e0280728dd451fac5adeaa605d26e74
SHA1

a04e9396763e76400d7abc276a0ed7de2d04dec9
SHA256

90d7ed6f01d8f532b4952193a124ec7a81e3583a5edca568547bf1aa7df447fc
SHA512

880e1b92391d27f9aac3e18105fb821595d6a3f1652f8316fa11d7b690926e967a994ef4f44a773483ada12f6c5193aaa800c0ed1f46c78218a3800e848cf2f1
SSDEEP

1536:anqdu3abBGy3G8V0iuodPprBmh/F9hSNfWy:aqhMPsDrBmh/F9sl

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  90d7ed6f01d8f532b4952193a124ec7a81e3583a5edca568547bf1aa7df447fc
- Size
  
  97KB
- MD5
  
  3e0280728dd451fac5adeaa605d26e74
- SHA1
  
  a04e9396763e76400d7abc276a0ed7de2d04dec9
- SHA256
  
  90d7ed6f01d8f532b4952193a124ec7a81e3583a5edca568547bf1aa7df447fc
- SHA512
  
  880e1b92391d27f9aac3e18105fb821595d6a3f1652f8316fa11d7b690926e967a994ef4f44a773483ada12f6c5193aaa800c0ed1f46c78218a3800e848cf2f1
- SSDEEP
  
  1536:anqdu3abBGy3G8V0iuodPprBmh/F9hSNfWy:aqhMPsDrBmh/F9sl
Score

10^/10

evasion persistence ransomware
- Modifies system executable filetype association
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware